I’ve recently been visiting China and have been caught out by their Firewall. This hasn’t be too bad but Google Mail and Google Drive is really slow or intermittent. Also you can’t access YouTube or the BBC IPlayer. The final straw for me was for some reason they have blocked the Ubuntu Dropbox repository – so you can’t install Dropbox either.

I don’t have VPN account but we do have some servers. Therefore, I decided to route all the network traffic through one of our server.

I tried various options and final settled on sshuttle because I needed to route everything and not just Firefox. Sshuttle is a transparent proxy server that forwards over a SSH connection and sets up a proxy by running Python scripts on the remote server. I’m assuming your are running Ubuntu on both the client and the remote server. You will need administrative privileges on the client.

sudo apt-get install sshuttle

To route all traffic through sshuttle (except DNS):

sshuttle -r username@sshserver:port 0/0

You will then need to enter your password on your client and then the password for the remote machine. To help debug run sshuttle in verbose mode with the -v flag. The -r flag is the remote host (and username). The port 0/0 is short for 0.0.0.0/0 that represents the subnets to route over the VPN. The usage of 0/0 routes all the traffic except DNS requests to the remote server. If you need to tunnel your DNS too then add the -H flag.

Just has another little problem while upgrading from Ubuntu 12.04 to Ubuntu 12.10. It seems that smbfs no longers works in Ubuntu 12.10. Once again, why don’t the developers make a webpage or a popup application which tells you these changes? It would save hours of time for lots of users.

Anyhow, here is how I converted my fstab to work. Before it looked like this:

However, this didn’t fixed the problem. After some searching around it appears that reseting Unity to default fixed the issue. I wish the developers would make an upgrade script which checks that the Unity settings are okay (Firefox does this after an upgrade). Anyhow, here is how to reset Unity to its defaults. You can either:

unity --reset

Or you can use this script which manages the process for you: It is hosted on bitbucket at https://github.com/phanimahesh/unity-revamp . However, I installed it from the PPA:

KVM (Kernel Virtual Machine) is a brilliant visualization software. Over the last few years, I have installed quite a few hosts and have been keeping notes – so I thought that I would put them up on this blog.

Install Packages
Firstly, you need to install the basic Ubuntu packages. I use ubuntu-vm-builder which automates most of the tasks. The command to install everything you need is:

Out of interest, KVM doesn’t have it’s own configuration directory. You’ll find the configuration files in:

/etc/libvirt/qemu/

Add Networking Bridge Adaptor
To give your virtual machines access to the network and you need to create a bridge on the host server. You have already installed bridge-utils – so you just need to edit the network configuration in /etc/network/interfaces file. If you make a mistake here and restart the networking the server will loose it’s network connection and you will have to use servers virtual console or actually terminal on the server – if it worth double checking everything. Here is the configuration that I use:

If you have installed a firewall on the host server (I always use UFW because it’s so easy to use) then you will need to relax the firewall to allow connections for the bridge adaptor. To do this add the following line to /etc/ufw/before.rules, before COMMIT:

Installing a New Virtual Machine
To install a new VM you need to use vmbuilder. There are many, many, many options to vmbuilder. To view them all type vmbuilder –help. The command I use to create the vm’s is shown below. Obviously adjust everything to suit.

Your guest will be built. This will take some time as the host server has to connect to the Internet and download Ubuntu and install from there. Once it is complete, if you selected to install the openssh-server package you can SSH into the guest and continue your set up from there.

Starting and Stopping the Guest
After installation you will need to start the VM. To start and stop the guest you need to use Virsh (which you have already installed). You can start the Virsh console by typing virsh. Alternatively you can type commands after virsh at the bash shell and it will execute the commands and return to the shell.

To see the list of currently running guests:

virsh list

To start your guest type:

virsh start hostname

To stop a guest it is recommended to connect (via SSH or other) to the guest and use the guest OS’ shutdown command. If that is not possible you can try send the machine an ACPI shutdown command using:

virsh shutdown hostname

In order for Ubuntu VM’s to respond to ACPI shutdown request they need to have acpid and acpi-support packages installed. If you followed the instructions above when creating the VM, this will have already been installed. However, you can install them on the VM by running:

sudo apt-get install acpid acpi-support

If the guest doesn’t have ACPI enabled or doesn’t want to respond you can forcefully shutdown the machine by using the destroy command. This has to be the most worryingly named command – but don’t worry it only forcefully stops the VM. You run it by issuing:

virsh destroy hostname

If the guest hostname is not recognised, stop and restart the libvirt-bin service using:

sudo service libvirt-bin stop
sudo service libvirt-bin start

For reasons unknown it is not sufficient to simply restart the service, it has to be stopped and started. Fortunately the running VMs do not shutdown when stopping the libvirt-bin service.

In the last few years we’ve been migrating all our servers over to KVM virtual machines running on a Ubuntu servers. I’ve come to love VM’s. There seems to be compelling reasons for using them.

You can install a new VM very quickly without having to setup new hardware.

You can control the resources for each VM really easily – scaling memory and cpu. So it you can use resources more effectively.

You can backup an VM server really easily.

However, the best longterm reason is that you can move the VM’s really easily. For example, if you move to a new server hosting company, you just stop the VM instance, copy it to the new server host and restart it again. Brilliant. Even if you’re renting a dedicated server and are only going to use all it’s resources for one server, I highly recommend setting up the dedicated server as a host and running vm on top. This single VM can use all the cpu and memory. The overhead is very low and when you come to more to another dedicate host it will save you hours of configuration – just copy the VM.

We have avoided using cloud hosting (such as Amazon, Rackspace or Linode) for several reasons:

Your data isn’t in your control. I want my data on my hard drives.

Unlike the simplicity of raw or qcow2 disk images, you can’t move to an cloud hosted server very easily. Yes, I know Openstack is supposed to solve this problem – but in the meantime have you tried migrating from Linode? Basically, you need to reinstall.

If you have more than one server or need lots of space / cpu power then it is often cheaper hosting it yourself.

I just installed a new Syncology 814 server in our rack to give us some more storage for backups. It is very simple to use and well made. While browsing through the software that comes with the NAS, I discovered it has a centralised syslog server. There are instructions for installing the Syncology syslog server are here:

I’ve always wanted to centralise the syslogs of my servers to help with debugging. The key reasons are ensure that we have logs in the event a server was hacked and if a virtual machine crashes I can review the logs before restarting it.

Anyhow, I found it hard to find instructions for configuring Ubuntu 12.04 to send their syslog messages to the syslog server. As always – it is really simple when you know how.

Ubuntu uses a service called rsyslogd. Its configuration file is located at:

/etc/rsyslog.d/50-default.conf

This file tells the deamon where to log each type of message. For example – the follow entry means that all cron message are sent to /var/log/cron.log:

cron.* /var/log/cron.log

If you want to the cron messages to also be sent our new remote syslog server, then you can add this entry.

cron.* @syslogserverhostname:514

To keep it really simple – I wanted all my messages send to the syslog server. Why not – you can always filter them later. I simply added: